[FUG-BR] LDAP AGAIN
William David FUG-BR
fugbr em biosystems.ath.cx
Quinta Agosto 28 18:00:44 BRT 2008
Boa Tarde
gostaria de pedir ajuda para uma coisa que está me deixando careca.
estou com um maldito erro no OpenLDAP, no qual ele não retorna os grupos
corretamente pelo id, e o Samba se perde ao logar com o usuário, não
permitindo que ele conecte aos compartilhamentos por causa da restrição
de grupos.
eu estava escrevendo um artigo sobre FreeBSD + OpenLDAP + Samba e
empaquei nisso.
vejam o artigo, que tem a visão completa das configurações e explicações:
http://biosystems.ath.cx:8080/wiki/doku.php?id=manuais:sar
# id bio
uid=1013(bio) gid=513(Domain Users) groups=513(Domain Users)
# id teste
uid=1395(teste) gid=513(Domain Users) groups=513(Domain Users)
# id teste1
uid=1396(teste1) gid=513(Domain Users) groups=513(Domain Users)
Aug 28 16:19:33 Bartelby id: nss_ldap: could not search LDAP server -
Server is unavailable
# getent group
teste1:*:1000:teste,bio,teste1
teste2:*:1003:teste,bio
teste3:*:1004:teste,bio
teste4:*:1005:teste,bio
# /usr/local/libexec/slapd -V
@(#) $OpenLDAP: slapd 2.4.11 (Jul 25 2008 13:17:13) $
root em Bartelby.schwarz:/usr/ports/net/openldap24-server/work/openldap-2.4.11/servers/slapd
# /var/db/pkg/
pam_ldap-1.8.4
db46-4.6.21.1
nss_ldap-1.257
openldap-sasl-client-2.4.11
openldap-sasl-server-2.4.11
smbldap-tools-0.9.5
samba-3.0.31_1,1
############################################
minhas configurações são:
# /usr/local/etc/nss_ldap.secret <-> /etc/ldap.secret <->
/usr/local/etc/ldap.secret
teste
# /usr/local/etc/nss_ldap.conf <-> /etc/ldap.conf <-> /usr/local/etc/ldap.conf
host schwarz-001b
uri ldap://schwarz-001b:389/
port 389
base dc=schwarz
bind_policy soft
rootbinddn cn=Manager,dc=schwarz
pam_password SSHA
ssl no
bind_policy soft
nss_base_passwd ou=Users,dc=schwarz?one
nss_base_passwd ou=Computers,dc=schwarz?one
nss_base_group ou=Groups,dc=schwarz?one
# /usr/local/etc/openldap/ldap.conf
BASE dc=schwarz
URI ldap://192.168.1.232 ldap://192.168.2.100
BINDDN cn=manager,dc=schwarz
# /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
ServerID 001
modulepath /usr/local/libexec/openldap
moduleload back_hdb
loglevel 256
database hdb
suffix "dc=schwarz"
rootdn "cn=Manager,dc=schwarz"
rootpw {SSHA}qgsEroh1jPssq3EOKn74TESuVhLm95Wl
directory /var/db/openldap-sch
checkpoint 1024 5
index objectClass,uidNumber,gidNumber,entryUUID,entryCSN,contextCSN
eq
index cn,sn,uid,displayName
pres,sub,eq
index memberUid,mail,givenname
eq,subinitial
index sambaSID,sambaPrimaryGroupSID,sambaDomainName,sambaGroupType,sambaSIDList
eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
lastmod on
syncrepl rid=001
provider=ldap://192.168.1.232
type=refreshAndPersist
interval=00:00:00:10
searchbase="dc=schwarz"
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=manager,dc=schwarz"
credentials=teste
retry="60 +"
syncrepl rid=003
provider=ldap://192.168.2.100
type=refreshOnly
interval=00:00:02:00
searchbase="dc=schwarz"
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=manager,dc=schwarz"
credentials=teste
retry="60 +"
mirrormode on
access to *
by self write
by anonymous auth
by * none
## /etc/nsswitch.conf
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
# host schwarz-001b
schwarz-001b.schwarz has address 192.168.1.232
# netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 192.168.1.232.59920 192.168.2.100.389 TIME_WAIT
tcp4 0 0 192.168.1.232.53064 192.168.1.232.389 TIME_WAIT
tcp4 0 0 192.168.1.232.389 192.168.2.100.58975 ESTABLISHED
tcp4 0 0 192.168.1.232.389 192.168.1.232.63562 ESTABLISHED
tcp4 0 0 192.168.1.232.63562 192.168.1.232.389 ESTABLISHED
tcp4 0 52 192.168.1.232.22 192.168.1.246.55668 ESTABLISHED
tcp4 0 0 192.168.1.232.389 192.168.1.232.55105 ESTABLISHED
tcp4 0 0 192.168.1.232.55105 192.168.1.232.389 ESTABLISHED
tcp4 0 0 *.389 *.* LISTEN
tcp6 0 0 *.389 *.* LISTEN
--
-=-=-=-=-=-=-=-=-=-
William David Armstrong <----. Of course it runs
Bio Systems Security Networking <----|==========================
MSN / GT biosystems em gmail.com <----' OpenBSD or FreeBSD
--------------------------------------